Privacy Policy

1. Introduction

Kinvera is a prevention-focused digital platform designed to help families understand their health history and make informed decisions about their future. Kinvera is not a HIPAA-covered entity; however, we apply enterprise-grade safeguards to personal health-related information.

2. Information We Collect

Information you provide may include name, email, date of birth, family relationships, and self-reported health history. We may also collect device and usage data to secure and improve the platform.

3. How We Use Information

We use your information to provide prevention dashboards, generate summaries, maintain account security, improve the platform, and comply with legal obligations. We do not sell identifiable personal health data.

4. Aggregated & De-Identified Data

Kinvera may create de-identified, aggregated datasets that cannot reasonably identify any individual. Such data is not considered "personal information" under applicable privacy laws. Kinvera may use, license, sell, publish, or otherwise share de-identified data for any lawful purpose, including but not limited to:

• Internal analytics and product improvement
• Academic and clinical research collaborations
• Commercial licensing to healthcare organizations, insurers, pharmaceutical companies, and other third parties
• Publication of population health insights

De-identification is performed using industry-standard techniques aligned with HIPAA Safe Harbor or Expert Determination methods. We do not report on groups smaller than 50 individuals, and we do not re-identify data once de-identified.

5. Advertising & Marketing

Advertising is contextual by default. Personalized health-based recommendations require explicit opt-in. Kinvera does not allow off-platform targeted advertising.

6. Insurer-Sponsored Access

Insurers receive aggregated, de-identified insights by default. Individual-level data is shared only with explicit user opt-in and may be revoked at any time.

7. Research Partnerships

Research collaborations use aggregated, de-identified data and require formal data use agreements.

8. Third-Party Services

The Kinvera app may use third-party services for analytics, crash reporting, and performance monitoring (e.g., Firebase, Mixpanel). These services may collect device identifiers and usage data subject to their own privacy policies. We do not share identifiable health information with these providers.

9. Tracking & Advertising Identifiers

Kinvera does not track you across apps or websites owned by other companies. If this changes, we will request your permission in accordance with Apple's App Tracking Transparency framework before enabling any such tracking.

10. Push Notifications

With your consent, we may send push notifications related to prevention reminders, account updates, or platform features. You may disable notifications in your device settings.

11. Your Privacy Rights

Depending on your state of residence, you may access, correct, delete, download, or opt out of certain data uses. Requests may be submitted to hello@kinverahealth.com.

12. Data Security

Kinvera implements encryption in transit and at rest, role-based access controls, logging, vendor oversight, and breach response procedures aligned with the FTC Health Breach Notification Rule.

13. Data Retention

We retain identifiable data only as long as necessary to provide services or comply with legal obligations. Users may request deletion at any time.

14. Data Deletion Workflow

Deletion requests may be submitted via account settings or email. Upon verification of identity, Kinvera will log the deletion request, remove identifiable data from active systems, flag associated data for purge from backups within defined retention windows, and confirm deletion completion to the user. Aggregated, de-identified statistical data that cannot reasonably be linked back to an individual may be retained.

15. Children's Privacy

Kinvera is not intended for users under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 18, we will delete it promptly. If you believe a child has provided us information, contact hello@kinverahealth.com.

16. Regulatory Alignment

Kinvera aligns with FTC Health Breach Notification Rule and applicable state privacy statutes including CCPA/CPRA, Washington My Health My Data Act, Maryland MODPA, Colorado CPA, Virginia VCDPA, Connecticut CTDPA, Texas TDPSA, and Utah UCPA. We apply a highest-common-denominator framework across users.

17. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated through the platform or via email.

18. Contact

Kinvera

Email: hello@kinverahealth.com